VitalQIP Product Description - Alcatel
Transcription
VitalQIP Product Description - Alcatel
VitalQIP® 7.2 DNS/DHCP & IP Address Management Solution Product Description Next Generation Platform © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions VitalQIP Product Description Contents CONTENTS 1 Introduction .................................................................................. 5 1.1 Scope............................................................................................. 5 1.2 Audience ........................................................................................ 5 1.3 Introduction to IP Management............................................................. 5 1.4 Benefits/value proposition .................................................................. 5 2 Product Capabilities ....................................................................... 6 2.1 Architecture .................................................................................... 7 2.1.1 VitalQIP Components............................................................................7 2.2 Core Product ................................................................................... 9 3 2.2.1 User interface....................................................................................9 2.2.2 The 7.2 Web GUI.................................................................................9 2.2.3 Command Line Interface ..................................................................... 11 2.2.4 New Web Services API ........................................................................ 11 2.2.5 API Toolkit ...................................................................................... 11 Features .....................................................................................12 3.1 VitalQIP 7.2 Next-Generation Web GUI ..................................................12 3.2 VitalQIP Client GUI – traditional “thick” client.........................................22 3.2.1 Thick Client Menus ............................................................................ 22 3.2.2 Flexibility in Supporting Mulit-Vendor Solution........................................... 24 3.3 VitalQIP Appliance-Based Solution ........................................................25 3.3.1 The AMS GUI explained by tab .............................................................. 29 3.4 Application Programming Interfaces .....................................................30 3.5 Database........................................................................................30 3.6 Data Viewing and Filtering Capability ....................................................31 3.7 Data Export/Import Capabilities ...........................................................31 3.8 SNMP Capabilities.............................................................................31 3.9 Reporting Capability .........................................................................31 3.10 User Configurable Capability ...............................................................32 3.11 Innovative Profiling Capabilities...........................................................32 3.12 Flexible Subnet Management ..............................................................33 3.13 Customized User Interface .................................................................33 © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 2 VitalQIP Product Description Introduction 3.14 Administrative Roles .........................................................................33 3.15 Secure Dynamic Update Support ..........................................................33 3.16 Single Login For VitalQIP Software........................................................33 3.17 Ability to Change DNS Options on Multiple Domains Simultaneously ..............34 3.18 Push to Remote Server ......................................................................34 3.19 Enhanced Go To/Search For Fully Qualified Domain Names.........................34 3.20 ACL Policy templates ........................................................................34 3.21 Login Service Authentication Callout ....................................................34 3.22 Redundant Schedule Service ...............................................................34 3.23 Job Scheduler .................................................................................35 3.24 DHCP Option 82 support ....................................................................35 3.25 Windows Support .............................................................................35 3.26 Microsoft Secure Zones......................................................................35 3.27 Changed Records Push.......................................................................36 3.28 Secure Messaging .............................................................................36 3.29 DNS & DHCP Server Compatibility.........................................................36 3.30 DNS – Domain Name Server and Dynamic DNS ..........................................36 3.31 Configuring Remote DNS Servers ..........................................................37 3.32 Dynamic DNS...................................................................................38 3.33 DHCP - Dynamic Host Configuration Protocol...........................................38 3.34 Configuring DHCP Servers...................................................................39 3.35 DHCP Intelligent Templates ................................................................39 3.36 Managing DHCP ranges.......................................................................39 3.37 DHCP Failover .................................................................................40 3.38 Third-party DHCP Servers...................................................................40 3.39 Database and DDNS Updates ...............................................................40 3.40 VitalQIP Administration .....................................................................40 3.41 MyView .........................................................................................41 4 Additional Product Features ............................................................41 4.1 VitalQIP Audit Manager Module ............................................................41 4.1.1 VitalQIP Services Manager Module .......................................................... 42 4.2 VitalQIP Registration Manager Module ...................................................43 4.2.1 VitalQIP Workflow Manager Module ........................................................ 43 © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 3 VitalQIP Product Description Introduction 4.3 VitalQIP Alcatel-Lucent DHCP Rules Manager...........................................44 4.3.1 VitalQIP ENUM Manager....................................................................... 45 4.4 Computing Platform Requirements and Options .......................................45 4.4.1 Supported Platforms .......................................................................... 45 4.4.2 High Availability Architecture ............................................................... 45 5 SyStem performance and reliability...................................................46 6 Operations, administration and Maintenance ......................................46 6.1 Security.........................................................................................47 6.2 Disaster Recovery ............................................................................47 7 What’s New in VitalQIP 7.2 .............................................................47 7.1 Next Generation Architecture and New Web UI .......................................48 7.2 DNS Views ......................................................................................49 7.3 Report Enhancements .......................................................................50 7.4 Managed Files .................................................................................51 7.5 MyView .........................................................................................51 7.6 What’s New in QIP Appliances for QIP 7.2 ..............................................53 8 Standard compliance – RFC’s supported..............................................54 8.1 DNS RFCs .......................................................................................54 8.2 DHCP RFCs .....................................................................................56 9 Implementation, Configuration, and Testing (Software integration services)57 10 Product Education and Training .......................................................57 11 Future Enhancements .....................................................................57 © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 4 VitalQIP Product Description Introduction 1 INTRODUCTION 1.1 Scope VitalQIP® is the industry’s leading IP management software product. This product description provides a detailed technical and marketing description of VitalQIP. This includes background on the basics of IP management; the business needs and value proposition, and an overview of the product itself, including the latest release 7.2 features. This document should be used and viewed in conjunction with the most current VitalQIP 7.2 Release Notes and Web Client User’s Guide. 1.2 Audience This document is intended for Sales, Marketing, Product Management, Services, Business Partners and Information Delivery personnel requiring an in-depth description of VitalQIP® and its extended capabilities. 1.3 Introduction to IP Management It can be argued that VitalQIP, or QIP as it was originally named, created the IP management software market. QIP was first released to the market in 1995 based on a request from J P Morgan for a software application to manage their IP address space. They required a single centralized inventory of their IP addresses, how their IP space was subnetted and which addresses were assigned where. Now, 13+ years later and with over 850 customers worldwide, VitalQIP is still the industry-leading product. The basic requirements of IP Address Management, coupled with required DNS and DHCP services, have not changed over the years. What have changed are the network trends and requirements of these networks that have made having a consolidated system like VitalQIP essential to both enterprise and service provider companies. VitalQIP has met these growing trends in every way – whether it be responding to new technologies such as IPv6, VoIP, or ENUM; or meeting the needs of our customers by introducing the Alcatel-Lucent Appliances; or providing tools, such as better reporting and Workflow Manager, and thereby continuing to provide automation and efficiencies in customers’ networks. The explosion of IPenabled devices and networks, along with policies and procedures has further escalated customers’ needs for a proven, scalable IP Address Management solution in their architectures today. With the everchanging market dynamics in hardware and direction, the VitalQIP solution continues to be the most flexible in the market today, providing either a software solution integrated with multiple platforms, or a full appliance-based hardware/software solution. 1.4 Benefits/value proposition VitalQIP provides the following benefits: • Automation of IP address assignment increases end user productivity and reduces manual processes as well as help desk calls. • Accurate, centralized IP network inventory reduces address assignment errors and links IP device addresses to domain names. It also improves network moves/adds/changes processes by providing IP address visibility to the individual object level, not just subnet block. • Subnetting tools simplify and improve accuracy of subnetting operations and reduce the requirement to remember binary arithmetic. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 5 VitalQIP Product Description Product Capabilities • Hierarchical graphical user interface (GUI) allows viewing of IP network by domain, network, subnet, subnet organization, DNS server, DHCP server, and even a user definable hierarchy. This allows use of the software across a multitude of constituencies with varying perspectives, hot buttons, and backgrounds. Flexible administrator network resource visibility also increases security and improves accountability. • DHCP failover capabilities and multiple DNS server redundancy maximize availability of IP address and name services to clients, keeping them productive despite failures. • Flexibility to support existing BIND or Microsoft environments with full integration lowers start up and ongoing costs. • Support for DNS Bind Views. • Optional integrated VitalQIP Appliances to take advantage of the off-the-shelf hardware/software solution with extended capabilities for efficient patch management and processing. As well as DNS High Availability. Control VitalQIP provides centralized IP address space, DNS, DHCP and ENUM . management. Speed Centrally manage IP address space, DNS, ENUM and DHCP servers Plan your IP space then simply push server configuration files to distributed DHCP/DNS servers. Accuracy VitalQIP ensures accurate, properly formatted configuration files are pushed to DNS and DHCP servers to keep IP services available. Delegation VitalQIP enables delegation of responsibility with administrator profiles and granular control of user permissions. Security VitalQIP provides access controls, SSL communications, and GSS-TSIG to prevent DNS cache poisoning. DNSSEC is supported while key management is provided by the customer. Scalability Carrier class with proven scalability (millions of IP addresses). Quality Standards-based software designed under strict quality management and best practices. Support VitalQIP provides superior class maintenance and support. Evolution VitalQIP delivers 1 major releases/year, continuing to support latest standards/technologies including IPv6 and appliance based solutions. 2 PRODUCT CAPABILITIES VitalQIP® is the most feature-rich IP management software product in the market. As the market leader and through implementation of customer suggestions, the product has evolved over the years to ensure that existing customers and future customers continue to leverage the most proven product in the market to keep pace with the trends in the IPAM space today. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 6 VitalQIP Product Description Product Capabilities The Next Generation Platform for VitalQIP 7.x takes VitalQIP to a new level. This was an opportunity to create a new data representation which would allow for a flexible model to accommodate the shift in data and explosion of devices and protocols present in today’s networks. The following diagram shows the functional components: Workflow Manager Integration with other systems Soap API Audit Manager LDRM Address Allocation Web Services QIP API ARIN/APNIC/AFNIC/RIPE Internet Registries ENUM Manager DNS DHCP Auto Discovery SNMP Services Manager Servers DHCP Server PC PC Routers DNS Server DHCP/DNS Appliances All Rights Reserved © Alcatel-Lucent 2006, ##### 2 | Presentation Title | Month 2006 2.1 Architecture 2.1.1 VitalQIP Components Enterprise Server and Database Components • VitalQIP Enterprise Server • VitalQIP Remote Server • VitalQIP GUI Client • VitalQIP Distributed Services • VitalQIP Web Client Interface • VitalQIP Add-on Modules • VitalQIP Appliances © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 7 VitalQIP Product Description Product Capabilities VitalQIP Architecture VitalQIP Enterprise Server Arbitrates and validates access to the information, controls IP services and interfaces to the data repository VitalQIP Clients: Windows, Motif, Web, CLIs Remote Servers DNS, DHCP, Bootp, NIS, Local Host Files Relational (RDBMS) VitalQIP database Sybase or optional Oracle IP address registration, DNS/DHCP configurations, and administrator definitions are stored in a central RDBMS repository. This database can be based on an Oracle or Sybase engine and can reside on a Sun Solaris, Windows, RedHat Linux or Alatel-Lucent Appliance. Alcatel-Lucent Technologies currently ships VitalQIP software with a run-time version of Sybase. Alcatel-Lucent Technologies does not resell or embed Oracle, which must be licensed separately by the customer. Once installed and configured an appliance is turned up, the central database – or Knowledgebase – is the center of the VitalQIP services. From this point, all DNS configurations, DHCP registrations, administrator profiles, and addresses are maintained. The Knowledgebase then becomes the source of information for network topologies, IP services (DNS and DHCP) information and configuration models, administrative privileges, and profiles of individual network object profiles (such as cable modem, hubs, routers, servers, etc.). The Knowledgebase is maintained and manipulated by both IP services and distributed administrators using an intuitive GUI. The Knowledgebase then extends itself for the management and maintenance of DNS and DHCP operations. All DNS/DHCP servers communicate to the centralized database only for initial configuration or updates, as configuration files or boot files are modified or removed. Servers can be configured to send update information to the database as IP addresses are leased, renewed, or re-leased for DHCP and for external dynamic DNS updates, say from Windows clients, for DNS. Each enterprise server consists of additional daemons/services that control scheduling, remote connections, and message queuing. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 8 VitalQIP Product Description Product Capabilities Alcatel-Lucent provides a full database schema to customers that define table/field relationships, so that custom APIs and interfaces can be developed to extract or update information from third-party or corporate applications. As a planning and reporting tool, the Enterprise Server includes sophisticated utilities for importing and validating network information, extensive reporting capabilities, and a flexible interface for routine and ad hoc inquiries that allows users to view audit trails by device or administrator. 2.2 Core Product 2.2.1 User interface The VitalQIP Product has matured over the years from offering multiple interfaces to now focusing on the next generation platform offering a new web based GUI. In the VitalQIP 7.2 release, the traditional Motif GUI interface for UNIX systems, Command Line Interface and the C/C++ API (VitalQIP API Toolkit) all remain the same. Historically VitalQIP has maintained both Windows and motif GUI or the ‘Thick Client’ as well as a Limited Web GUI. It has been clear that the VitalQIP customer base is becoming increasingly more focused on mobility, flexibility and speed of accessing VitalQIP from anywhere. Therefore, as part of the next generation application a brand new Web Based GUI has been created. The following outlines the most current release functions within VitalQIP7.2 2.2.2 The 7.2 Web GUI The VitalQIP 7.2 Web GUI includes all the functions for a basic administrator to perform day-to-day work: • IPv4 Subnet Management • IPv4 Address (Object) Management • Address Allocation (IPv4 and IPv6) • IPv6 Address Management (Address Ranges, Subnets, IP Address) • Node Management • Subnet Management • Reports • User defined Attribute Management • Node Management • MyView (customized scope/hierarchy for each Admin) • Auto Discovery • New scheduling feature for IPv6 • Extended validation and security for Admin Password • Integration with Add-ons such as Appliance Management System and Auto Discovery © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 9 VitalQIP Product Description Product Capabilities The 7.2 Client GUI contains all the functions that a master administrator needs to perform day-to-day operations: • Infrastructure support – Organization, Network, Subnet Org • Ability to create Domains, Networks, etc. • Policy Management • User Defined Attributes • DNS Server Configuration • DHCP Server Configuration • Address Reclaims • Active Lease Viewing/Management • Administrative Permissions The 7.2 Web GUI is fully explained in the VitalQIP 7.2 Web Client User’s Guide. Below is a sample screenshot of the QIP 7.2 GUI main screen: © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 10 VitalQIP Product Description Product Capabilities 2.2.3 Command Line Interface The command line interface provides an extensive set of CLIs for users who prefer such an interface. This interface is very similar to a UNIX command line with a command along with a set of required and optional command arguments. 2.2.4 New Web Services API The Web Services API offers many of the existing CLI commands, as well as all new commands. The VitalQIP Web Service is used to access the Address Allocation, Address Management, DNS Views (including their zones and servers), and Managed Files, functionality provided by VitalQIP. The interface uses the Simple Object Access Protocol (SOAP), which encodes messages using Extensible Markup Language (XML), and uses HTTP or HTTPS for transport. A Web Services Description Language (WSDL) document is available that defines the interface. 2.2.5 API Toolkit The API Toolkit provides a programmatic interface into VitalQIP and the Lucent DHCP server. Enterprises or service providers wishing to integrate VitalQIP functions into a larger management system infrastructure may chose this interface. The API provides a rich set of C/C++ calls. VitalQIP API Toolkit Provides APIs for: Administrative GUI External Customer Programs VitalQIP Enterprise Database VitalQIP DHCP Servers Customer Program Supplements: API GUIs and Policies VitalQIP CLIs and User Exits Integrates with: Workflow Applications API Network OA&M Applications DHCP DDNS All Rights Reserved © Alcatel-Lucent 2006, ##### © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 11 VitalQIP Product Description Features 3 FEATURES The following are the key features of the VitalQIP product. 3.1 VitalQIP 7.2 Next-Generation Web GUI The 7.2 next-generation Web GUI was designed and built using Redefined Software Architecture and Tools such as Spring, Hibernate, AJAX, etc. Below is the main section with the home screen set of tabs. The ten main tabs are described in detail below. MyView tab – This tab allows users to access the pre-defined ‘views’ of the GUI that either they set up or have been set up for them. The MyView tab consists of two sub-tabs MyView Hierarchy and MyView Personalization: • MyView Hierarchy – Allows the user to view the properties of personal and shared views. • MyView Personalization – Used to add, modify and delete personal views. Address Management tab – This tab allows for user to perform IP Address Management for IPv4, IPv6 networks as well as manage or set up nodes in the VitalQIP 7.2 Web GUI. This tab consists of three sub tabs IPV4, IPV6 and Node • IPV4 – Administrators can view networks, domains, subnets, subnet organizations, add networks and search. • IPV6 – Used to add a seed block, subnet search, add an address range, or run some configured reports. • Node – New to QIP 7.x. add a node and search nodes DNS tab – Provides the entire configuration necessary for DNS servers. This tab has six sub-tabs shown below: • ACL Templates – Add, modify and delete ACL Templates © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 12 VitalQIP Product Description Features • Zone – Add, modify and delete DNS zones • DNS Server – Add, modify and delete DNS Servers • Non-Managed DNS Servers – Add, modify and delete Non-Managed DNS Servers • DNS Generation – Perform DNS file generations • Managed Files – Add managed files DHCP tab – Creates and modifies DHCP server configurations and policy templates. The DHCP tab consists of three sub-tabs shown below: • DHCP Server – Add, modify and delete DHCP servers, as well as the following: • DHCP Template – Add, modify, delete and copy various DHCP policy files. • DHCP Client Class – Add, modify and delete user, vendor and device class. Address Allocation tab – This tab allows users to define the network in terms of pools and blocks. This is an alternative way of defining ones network than in the traditional Address Management option. It provides the function to allocate IP address space by using user-defined rules and a hierarchical address pool structure. Also provides the mechanism to adhere to the proper Internet Registries. This is the functional area where administrators can set up allocation rules and subnet/address templates to be used throughout the design of networks. Allocation Rules and Subnet/Address Templates are extremely powerful and efficient in providing consistency in network design and definition. This is also where integration with internet registries is established. The following further outlines the types of data that can be defined. The Address Allocation tab has four sub-tabs shown below: • Pool Hierarchy – Allows for configuration and management of address allocation pools for IPV4 and IPV6. Below is a view of this screen: © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 13 VitalQIP Product Description Features • Block Hierarchy – Allows for configuration and management of address allocation seed blocks. Below is a view of this screen: • Rules – Used to add, modify and delete custom rules that can be applied to IPV4 and IPV6 allocations. • Internet Registries – Controls all configuration necessary for internet registries. Currently QIP supports ARIN, Ripe, APNIC and AFRINIC. All changes in address space that need to be communicated with the local internet registry are configured here for automatic communication. See the view below: © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 14 VitalQIP Product Description Features Infrastructure tab – VitalQIP incorporates enhanced tools to leverage the user experience and provide basic customization type functions for more efficient use of the application. This tab contains the administrative functions for setting up these items to be used during daily actives. This tab consists of eight sub-tabs. • MyView Management – Allows for the administration and set-up of personal views, shared views or “myView” to be set up for users or shared by users. This enables a master or organization administrator to define and set up views of the system that have a narrower scope, views that can be then assigned to one or more normal administrators and thereby allow them to focus on their daily activities and only the infrastructure items for which they are responsible. • Templates – Add, modify and delete Address, subnet profile and reverse zone templates. When planning networks, it is essential to establish standards that are applied throughout the network for how IP services are expected to function and operate. The purpose is to describe the various functions in VitalQIP that you can use to establish those standards through the use of templates. • Job Scheduler – The feature allows tasks to be scheduled. In the 7.2 release IPv6, DNS Push and reports can be scheduled future release of the product will allow many more tasks to be scheduled. The Job Scheduler feature is designed to avoid the user having to wait an indeterminately long time for a request to complete, and to allow for jobs to be scheduled to run at a later time. All jobs are run as the VitalQIP Administrator who scheduled the job. • Attribute – Attributes allow you to specify values you want to associate with elements such as pools, blocks and nodes in the VitalQIP database. You can use these values to tie Address Allocation, Address Management and DNS and DHCP infrastructure into your corporate processes. For example, you can associate an employee’s badge number of cost center with a subnet. There are three components to attributes. The attributes themselves and attribute groups. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 15 VitalQIP Product Description Features Attributes are individual pieces of information you want to associate with items in the VitalQIP Database. Examples could be Employee Badge Number. Manager’s Name. Product Name or Department. Attribute groups are a way to organize attribute names. Examples could be Employee Information. Products or Departments. An attribute does not have to be assigned to an attribute group or can be assigned to more than one attribute groups. Infrastructure objects such as pools, blocks and nodes are defined on the attributes section. You can associate an Attribute with any defined infrastructure object. You can define attributes and groups in this tab. You associate them with various elements of the database when you define those elements. For example you can define and attribute here and associate with the infrastructure object pool, but to associate a specific pool, you must edit the pool’s properties. Add, Modify and delete of User Defined attributes. These attributes are used to customize the GUI and user data. Once assigned to an infrastructure type the attribute is fully searchable. Below is the list of infrastructure types that UDFs can be assigned to: • Object Classes – Add, modify and delete of naming policies which define devices such as PC, Printer, router, wiring HUB… and the same for object classes. • Global Policies – Allows the management of global policies directly in the tab. Below is a sample view. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 16 VitalQIP Product Description Features • Organization – Used to configure organizations. Organizations are used to define address space in QIP. QIP does not support the same address space in one organization. A duplicate address space must be separated between organizations. • Switch Organization – Simply allows you to switch to another organization without logging out and in again. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 17 VitalQIP Product Description Features An alternate way to switch organizations is directly on the main screen: Change organization shortcut Administrators tab – This tab is where user and administrator configuration takes place. This area is how you assign users the ability to access or view QIP data. This tab is made up of four sub-tabs shown below: his is where all • Administrator – Add, modify or clone master and normal administrators. Assign them to organizations and administrative roles. Allows the input of Contact Information. • Admin Roles – Allows the management of administrator roles and the managed lists that make up the roles. See below: • Administrator Security – Allows the user to assign levels of security that will be run at login. QIP also offers a login callout that allows a customer to point all QIP logins to a corporate domain controller or LDAP server to ensure all corporate security is enforced and then allows QIP to provide a login to QIP. Below is a view of the QIP security screen: © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 18 VitalQIP Product Description • Features Change Password – Standard change password screen is shown below: Reports tab – VitalQIP 7.2 has incorporated a new reporting package with the 7.x Platform. This includes a free-ware tool call Jasper Reporting. In 7.2, reports are accessed through the Web GUI and the traditional “Thick Client,: Reports provide the user with information to manage pools, blocks, IPv4 subnets, IPv6 subnets, nodes, views and allocation rules. Each report can be formatted and saved as a file, as well as displayed on the screen. You can produce reports from the following locations: • From the Reports tab • From the Reports icon on the toolbar • From the Properties page of an item selected in the hierarchy • Original reports from the “thick” client Note: Report availability is based on administrator privileges. If an administrator does not have access privileges for certain functions, related reports are not displayed. Below is a view of reports from the reports tab. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 19 VitalQIP Product Description Features Links tab – This tab is reserved for additional features that have potentially been developed outside the scope of the core VitalQIP product but that are integrated with the core appliance. • AutoDiscovery – AutoDiscovery is delivered at no cost as part of the 7.2 QIP license. AutoDiscovery allows you to inventory the network, compare the result against the VitalQIP database and produce comparison reports. You can then use the comparison reports to help define new networks, reconcile an existing VitalQIP database, and detect rogue and duplicate IP addresses. VitalQIP AutoDiscovery allows you to create profiles from your VitalQIP instance and then run the network discovery function on that part of the network. Integrating with VitalQIP for input eliminates the possibility of errors in data entry and makes the discovery process seamless. Creation of profiles allows the user to run the discovery in an “offline” mode even when it is not connected to VitalQIP database. The same profile information is then used to extract the corresponding data from VitalQIP. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 20 VitalQIP Product Description Features VitalQIP AutoDiscovery includes a configurable Diff Engine that can compare the two inputs received from network data extraction and VitalQIP data extraction. The output of the Diff Engine is displayed in a user-friendly HTML format. The users can also filter the reports to see subsets of the report like view dynamic addresses, view static addresses, filter out zero MAC addresses etc. For programmatic processing of the output, this information is also available in an XML format. AutoDiscovery includes the following components: Network Data Extractor – Discovers the Ethernet and IP network elements and related equipment configuration information for a set of one or more subnets defining the scope of the network query. The Network Data Extractor uses Request Profiles to determine the scope of network discovery and other parameters applicable to the network discovery request. VitalQIP Data Extractor – Extracts the corresponding VitalQIP object data for the set of subnets used by the Network Data Extractor. The VitalQIP Data Extractor uses the same Request Profiles as the Network Data Extractor to determine the VitalQIP Organization and list of subnets from which to extract the object data. Diff Engine – Compares the output of the Network Data Extractor and the VitalQIP Data Extractor, and based on a configurable set of fields (referred to as “Diff Keys”), generates a Diff Report showing the differences between the two sets of data. Administrative GUI – Permits the configuration of the Network Data Extractor and the VitalQIP Data Extractor. In addition, it is the mechanism for invoking each of these processes, and provides access to the various Diff reports. Request Handler – Handles GUI/CLI requests to run Network Data Extractor, VitalQIP Data Extractor and Diff Engine. It provides a common interface for all three requests. It is logically made up of one request handler to interface with each of the three components of a discovery job. A fourth request handler, not shown in the illustration, permits all components to be run as a single request. Job Status Manager – Maintains the status of requests for Network Data Extraction, VitalQIP Data Extraction and Diff Report. It is responsible for determining when requested actions are allowed. Appliance Manager – This tab is used if the deployment includes the Alcatel-Lucent Integrated Appliances. It is accessed to manage all appliances in the architecture, including the Enterprise Server and/or the Remote DNS and DHCP appliances. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 21 VitalQIP Product Description Features 3.2 VitalQIP Client GUI – traditional “thick” client Disclaimer. The thick client is provided in VitalQIP 7.2 as a transitional GUI for existing users of QIP. The thick client will not be delivered in VitalQIP 7.3. 3.2.1 Thick Client Menus Policies Menu – VitalQIP helps you define and establish policies or methods that network planners use to enforce consistent rules for particular management and configuration aspects of VitalQIP. • DHCP/Bootp Templates – This function allows users to create and modify templates for DHCP and/or Bootp servers. This allows the definition of option values (such as the DNS server option mentioned earlier) to be provided to a DHCP or Bootp client requesting an IP address. Templates help organize groupings of option values for assignment on particular scopes, subnets, servers or for particular user or vendor classes. • Client class – This allows definition of a user class or vendor class along with associated DHCP or policy option templates. User or vendor class provides for assignment of DHCP or policy options based upon the user class or vendor class setting independent of the scope, subnet or even server on which the request was received. This is useful for consistently handling RAS devices for example, or for defining option values for particular service levels. • Naming policies – These policies allow the definition of a naming convention for objects created in VitalQIP either statically or dynamically through DHCP or Bootp. The naming uses a user-defined numerical prefix or suffix and a text field in between based on the type of object being created. • Global policies – These policies allow customization of standard system wide behavior, with respect to dynamic DNS, reports, billing and more. • Manufacturer profiles – Allows definition of valid manufacturers and their associated MAC (media access control) address prefix. • Location profiles – These profiles establish locations that can be associated with subnets and/or individual IP objects. • Contact profiles – Contact information profiles are established, which can later be associated with subnets and/or individual IP objects. • User defined attributes – VitalQIP provides the flexibility to allow user defined fields for objects, subnets, and users to be created. Infrastructure Menu – This menu allows the creation of the overall IP infrastructure of the customer's network, from IP networks, domains, and even administrators • Organization – Each organization is considered an entity independent of other organizations defined in VitalQIP. As such, each organization can have its own private address space (per RFC 1918). This feature is useful when managing a merger of two or more companies or for service providers wishing to provide customer network management, allow a customer or Organization visibility only to its own portion of the network. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 22 VitalQIP Product Description Features • Server – This feature provides definition of IP address and name servers to be configured via VitalQIP. These servers can be Bootp, DHCP, DNS, NIS, or Local (hosts.txt). Several server parameters appropriate to the server type are defined in this screen. • Domain – The domain name hierarchy is defined here along with association with primary and secondary authoritative DNS servers. • Network/Reverse Zones – This feature provides definition of the IP network breakdown and association address-to-name lookup functions (known as reverse zones in DNS). • Non-Managed DNS server – This function is used to define and modify VitalQIP secondary (slave) DNS servers that are slave for master DNS servers that are managed outside the scope of VitalQIP. For example, a service provider may wish to offer a full DNS service, but also a lower cost secondary only service; under the latter case, the customer may run the master DNS servers, with the service provider providing secondary or slave DNS. • OSPF Area – This menu allows users to define their network in terms of OSPF routing areas and masks. • Subnet Organization – These are groupings of subnets and can be used to represent Microsoft® “sites” in a Windows® environment or to define global address allocation policies to be applied to the subnets within the subnet organization. • Application – This function is used to define an “application” to which objects can be associated. Applications can be used to differentiate between departments, divisions or other entities that require separate reporting. • Administrator – Administrators of the VitalQIP system are defined in this menu. Each administrator can be assigned a set of infrastructure they can access either as read-only or readwrite selectively. In addition, certain policies can be assigned to administrator functions and even menu items available to the administrator can be defined. • Administrative Role – This function allows definition of a template of administrative privileges, which can then be assigned to individual administrators. The use of administrative roles simplifies the modification of infrastructure and associated administrator privileges for a large number of administrators. The managed list of infrastructure can be changed once in the role definition, which applies to assigned administrators instead of having to change it individually for each administrator. • User Group – This feature allows users to be grouped so consistent parameters can be associated with each member of the group. Import Menu – This menu allows users to import an existing file into the VitalQIP database for one or more domains, networks, OSPF areas, subnet organizations, objects, MAC address pools, or subnets. Management Menu – The Management menu provides options to help manage objects, users, and subnets, on down to MAC addresses. • Hierarchy – This function displays the hierarchy of domains, networks, OSPF areas, subnet organizations and/or subnets. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 23 VitalQIP Product Description Features • Object Management – This menu item allows administrators to assign, reserve, move, dynamically allocate, assign DHCP scopes and define properties to objects. • User Management – This item allows administrators to manage users and the groups to which they are associated, including user profile management. • Go To/Search – This function provides a flexible search function for domains, OSPF areas, subnet organizations, used or free subnets, or objects by name, alias or address. • Reclaim addresses – When objects are moved or networks subnetted or rejoined, some objects may be marked as used but in reality not be used. The reclaim function allows the sampling of IP addresses on a network over an interval of time with results being to generate a report, to reclaim (free up) the addresses or both. • Global MAC Address Pool – This function allows one to assign MAC addresses to a pool. In turn, the DHCP server with that pool can then manage the addressed based on inclusion or exclusion from the MAC address pool. MAC address is a parameter of the DHCP packet during the DHCP process between a client and the DHCP server. Network Services Menu – This menu allows administrators to generate configuration files for DNS servers, DHCP servers, Windows 2000 domain controllers, Bootp servers, NIS servers, and even local host text files. With the click of a mouse, information entered via the infrastructure and management menus is correlated and appropriate configuration information is displayed on the screen or "pushed" to the appropriate server. In addition, a View Active Lease menu sub item allows one to view the active lease file on a DHCP server for a specific subnet or the entire server. Reports Menu – Management and operational reports can be obtained via the Reports menu. Reports can be generated to the screen, a file, a printer, or emailed to an end user or administrator. Audit reports are available for administrator activity history or object history. View Menu – This menu deals with the toolbars and status bars displayed on the GUI. Help Menu – Comprehensive on-line help is provided with the software. 3.2.2 Flexibility in Supporting Mulit-Vendor Solution VitalQIP is a centralized IP management tool, which is also used to configure DNS and DHCP servers from a variety of vendors. This provides a tremendous amount of flexility to bring VitalQIP into existing environments and provide consolidated management of the existing infrastructure. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 24 VitalQIP Product Description Features VitalQIP supports the following servers. • Alcatel-Lucent DNS servers • Alcatel-Lucent DHCP servers • Microsoft DNS servers • Microsoft DHCP servers • Any BIND 8 or 9 compliant DNS server • Alcatel-Lucent Appliances End user PCs, broadband devices, etc. utilize RFC compliant DHCP or DNS transactions to interface with these servers. Please see release notes for the latest releases of software supported. 3.3 VitalQIP Appliance-Based Solution The VitalQIP Appliance Manager (AM) solution is Alcatel-Lucent’s answer to today’s complex networks critical need for reliable, secure and low cost address allocation and management. The AM solution also addresses the shift in the IPAM market towards appliances, for increased reliability, manageability, scalability and security. The Alcatel-Lucent solution is the only solution purposely built to offer the industry leading IPAM software as an appliance solution. The VitalQIP Appliance Manager integrates VitalQIP DNS/DHCP IP Address Management Software with state of the art hardware servers from Intel, providing enterprises with a cost effective way to maintain their network with hardened high-performance appliance solution and easy-to-use management software for automated software upgrades and monitoring. The integrated appliance option with VitalQIP gives customers the options of solving many issues with their architectures and can be rolled out all at once or incrementally over time. The following are some benefits to this option. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 25 VitalQIP Product Description Features Customer Issue or Need How we address the issue Benefits of our approach 1. An IPAM Appliance that will deliver bestin-class, proven DHCP/DNS functionality Use VitalQIP Appliance and VitalQIP Enterprise Server to automate the IP address management Industry leading software, VitalQIP is number one in market share End to end feature rich appliance based IPAM solution all from one single vendor – Alcatel-Lucent Automate the deployment of critical IP name and address services Simplifies software upgrades and centralizes deployment and monitoring of DNS,DHCP, and other services Secure services with hardened OS (RedHat Linux) preloaded onto appliance Reduce infrastructure support costs – less support staff Reduce address assignment process and departmental costs Reduce disaster recovery time and cost Simplified administration process with customization of the GUI Improve the availability of network infrastructure Reduce operator effort and misconfigurations Reduce troubleshooting time and support costs due to inaccurate configuration Improve overall network operational efficiencies Record validation enhanced security and reduces error and downtime Maintain consistent and accurate IP inventory Powerful, intuitive GUI Provide high availability for clients/subscribers Scheduling of jobs and custom GUI to provide greater efficiency in getting tasks completed. 2. High personnel cost for management of IP address 3. High downtime and long MTTR 4. Low productivity Use VitalQIP Appliance Manager to automate the IP address management Use VitalQIP Appliance and VitalQIP AMS to automate the IP address management Use VitalQIP Appliance and VitalQIP AMS to automate the IP address management © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 26 VitalQIP Product Description Features Customer Issue or Need How we address the issue Benefits of our approach 5. Slow to introduce new services Use VitalQIP Appliance and VitalQIP AMS to automate the IP address management Rapidly provision address space and reliably deliver critical IP name and address services In-step with new technology and services: VoIP, ENUM, RFID, IPv6, Mobile HSD and IP Video, etc. The VitalQIP Appliance Manager (AM) solution helps service providers and enterprise efficiently configure, automate, integrate and administer IP services across an entire network, locally and globally. The appliance solution enables a single point of software upgrade and monitoring management across geographically distributed appliances including monitoring of remote server software. • VitalQIP Appliance Management Module (AMM) – Preloaded Intel based machine running DNS and DHCP services. • VitalQIP Enterprise Server Module (ESM) – Preloaded Intel based machine with Sybase database and Enterprise Server software. • VitalQIP Appliance Management Software (AMS) – AMS is accessed through the a web based UI to manage all of the appliances. • Service Packages – Alcatel-Lucent provides the following service packages that permit the same time delivery of service fixes/patches between VitalQIP and AMS. The packages include: VitalQIP Enterprise Server VitalQIP Sybase Server VitalQIP DNS Server VitalQIP DHCP Server VitalQIP SNMP VitalQIP Remote Services Linux OS Upgrades Java Runtime Environment (JRE) Network Time Protocol (NTP) Trivial File Transfer Protocol (TFTP) The use of VitalQIP Appliances listed and described here instead of general purpose servers reduces the security vulnerabilities through a hardened appliance Red Hat Linux OS. It simplifies software upgrades and centralizes deployment and monitoring of DNS and DHCP services. The centralized Appliance Management Software (AMS) maintains an inventory of software packages and appliances. A secure token-based appliance authentication process keeps the network secure. Configuration of services can be done on the AMS GUI before deployment to the remote appliances running DNS and DHCP services. Appliances can be logically grouped for ease of upgrades and maintenance. Remote services such as DNS and DHCP can be quickly upgraded to the latest software version across many appliances. A record of upgrades is maintained in the AMS for each appliance. At any time, an administrator can roll back to a previous version of the service. The monitoring section of © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 27 VitalQIP Product Description Features the AMS gives a administrator a centralized view of the health of the entire appliance network on one GUI view. All log files and configuration fields are centrally accessible to aid in quick and easy debugging. Services on the appliances can be remotely started and stopped. An appliance can be quickly taken offline if suspicious behavior is observed, providing even more security around the overall architecture. In addition, any appliance can be rebooted from the centralized AMS. The appliances are available in two sized models with the following details. Model 1000 Appliance Powered by a high performance 64-bit Architecture Intel® Xeon® Core™2 Duo Processor on a 1U form factor platform. Model 5000 Appliance Powered by two 64-bit Dual-Core Intel® Xeon® Processors in a NEBS-3 compliant 1U form factor platform with mirrored RAID 1 and dual power supplies. The Alcatel-Lucent Appliance provides the best price/performance ratio in the industry. VitalQIP Appliance Manager Architecture AMS Packages ESM Import AMS DB OS VitalQIP DB Enterprise ssh Auto Disc DNS DHCP VIP HA Pair SNMP Heartbeat TFTP NTP AMM Coming Soon Custom HA AMM HA DNS Pair Communication: Appliance Mgmt Enterprise Mgmt •26 | Alcatel-Lucent Enterprise Forum 2009 AMM AMM All Rights Reserved © Alcatel-Lucent 2009 © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 28 VitalQIP Product Description Features 3.3.1 The AMS GUI explained by tab Appliances tab – Lists the appliances and their status connected to that AMS. This tab also displays and configures appliance pairs and appliance clusters. Each appliance’s status is denoted by one of the following Offline: Disabled: New: Up:. Appliance Groups tab – Allows you to view Properties, as well as the Appliances Packages and Configuration History of each appliance. Packages tab – Allows you to view the properties of each package and also import new packages. Administration tab – Has two sub-tabs shown below: © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 29 VitalQIP Product Description Features • System Information tab – Allows the user to view the properties of status logs for status messages, Notifications and system parameters for polling interval, event retention plan and AMS IP Address override. • Users tab – Lets the administrator add, modify and delete users, user groups and passwords. Help tab – Directs a user to various help information. 3.4 Application Programming Interfaces In general. VitalQIP supports data exchange in XML, CSV and also allows SQL access.VitalQIP provides a Simple Object Access Protocol (SOAP) based interface for North bound systems to data exchange and other interactions. Interface messages are encoded using Extensible Markup Language (XML), and use HTTP or HTTPS for transport. A Web Services Description Language (WSDL) document specifies interface operations, their associated messages and message parameters, the schema for the data types required by the messages, port types, and binding information. Selected transactions can be scheduled. This interface could also be leveraged should the need arise to integrate with other AlcatelLucent or non-Alcatel-Lucent software products, such as billing, radius, network access security, trouble ticketing, etc. The API Toolkit is a developer’s toolkit comprised of the VitalQIP Application Program Interface (API) routines and the Lucent Dynamic Host Configuration Protocol (DHCP) server API routines. These API routines allow for the extension and integration of VitalQIP into other critical applications such as asset tracing, other network management applications, and billing applications. The API provides a C interface to VitalQIP functions. It is intended to serve those applications that must invoke VitalQIP functions but cannot or should not use the existing command line utilities. Each API routine returns an integer indicating success or failure. If the return code is less than zero, then an error occurred. The value of the return code indicates the general error condition. In addition, the API provides access to the VitalQIP internal error codes, enabling more detailed error analysis. This expanded powerful set of APIs allows for the extension and integration of VitalQIP into other critical applications. They allow an installation to integrate VitalQIP functions and information into other systems, including other network management, asset tracking, or billing applications. The components of the VitalQIP API Toolkit include: • Header files containing prototypes for functions and structure definition. • Library files required for compiling and linking the APIs with external customer applications. • API product documentation or programming guide. 3.5 Database VitalQIP software and appliance solution is packaged with a Sybase relational database. In particular, VitalQIP comes with a run time license for Sybase. VitalQIP software-only solution can run with an Oracle database, which is supplied by the customer. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 30 VitalQIP Product Description Features 3.6 Data Viewing and Filtering Capability The Go/To Search capability, along with CLIs and APIs provide the ability to extract portions of the database based on search criteria. The database schema is also published and available should a customer desire to write their own SQL calls. 3.7 Data Export/Import Capabilities VitalQIP has various types of import and export capabilities. The entire VitalQIP database can be imported or exported using VitalQIP-provided software. Certain files and data can be exported using the VitalQIP GUI or command line interface. Data can be imported or exported using encrypted or nonencrypted passwords and in verbose or silent mode. Export and import of Oracle or Sybase data is supported. 3.8 SNMP Capabilities SNMP provides an industry-standard protocol used by a number of Network Management products, such as HP Openview, to manage devices and services on the network. SNMP provides a standard way for management products to monitor network devices and services. The Alcatel-Lucent Management Information Base (MIB) is SNMPv1, SNMPv2, and SNMPv3 compliant. Alcatel-Lucent Technologies provides SNMP support to our Lucent DNS and Lucent DHCP servers as well as appliances, enabling the collection and monitoring of statistics and general operational information through the use of SNMP MIB variables. This is available for both the server based architecture and is packaged with the appliance solution. The Lucent DNS and DHCP servers can write information by using these MIB variables. The variables offered by Alcatel-Lucent have been designed to be used in conjunction with the Internet MIB, to allow monitoring of Lucent DHCP and DNS name services via SNMP by the Internet community. Alcatel-Lucent has modified the Lucent DHCP server on all supported platforms to optionally support SNMP. The statistical information gathered by the DHCP server through normal operations can be written to the Alcatel-Lucent MIB variables. Alcatel-Lucent has implemented portions of the Lucent DHCP MIB objects defined by the DHCP Working Group of the Internet Engineering Task Force (IETF) in a proposed draft. In particular, there is support for Bootp and DHCP counter and statistics groups. Alcatel-Lucent has also provided extensions to the supported DNS MIB definitions. These MIBs are used to count statistics that are not covered in the DNS MIB defined by RFC1611. 3.9 Reporting Capability Within the next generation platform, VitalQIP has incorporated a new reporting packaged called Jasper reports. It provides great flexibility and allows you to obtain management and operational reports containing concise and pertinent information for certain aspects of the database. Reports can be generated to the screen, to a printer, to a file, or emailed to an end-user or administrator. The information can be sorted as required. Jasper Reports and Database schema information is also available should customers wish to customize reports with an SQL report writer. In the VitalQIP 7.2 application, reports can be obtained from the new Web GUI or the Thick Client. The Web GUI contains a subset of reports as follows: • Address Allocator Reports – Pool and Block Audit and Usage Reports • Address Management – IPv4 and IPv6 Subnet Usage and Audit Reports © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 31 VitalQIP Product Description Features • MyView Reports – Used to produce a MyView Audit Report • Administrator Audit History Report – Report the history of a specified administrator during a specified time period • Node Hierarchy Reports – Report the Nodes that have been established in the system and the details of the hierarchy The following reports are available via the Thick Client: • Objects by Address Range Report – Reports all IP address and their object classes in a domain, network, OSPF area, subnet organization or subnet. • Objects by Location Report – Reports all objects in a location. • Objects by Administrator Report – Reports all objects created by a specified administrator. • Objects by Application Report – Reports all objects belonging to a certain application. • Inquire Report – An inquiry or lookup report for a domain, OSPF area, subnet organization, subnet, object, IP address, MAC address, resource record or user defined field. • Free Subnet Report – Reports all free subnets available in a network. • DHCP Report – Report of DHCP server profile information and DHCP/Bootp objects managed by the server. • Administrator Profile Report – Report of a specified administrator's profile information. • Administrative Role Report – Reports specified Administrative Role information. • DNS Zone Report – Report of all the resource records for a specified zone. • Object Audit History Report – Report of the history of a specified object during a specified period. • Administrator Audit History Report – Report of the history of a specified administrator during a specified time period. Future releases of VitalQIP will merge all reports into the Web GUI. 3.10 User Configurable Capability VitalQIP is flexible and configurable to meet the needs of managing IP networks. Administrator visibility to certain objects, networks, etc. can be configured, even to the point of which menu items are accessible. New features such as MyView and User Defined Attributes provide customers with significant tools to be able to configure the application to suit their needs or input custom fields to support business processes, respectively In addition, a set of “user exits” is available to allow calling of customer scripts to provide additional or customized processing in the midst of a function, such as configuration file generation. In addition, the full set of Command Line Interfaces (CLIs) and APIs provide integration configurability with other customer systems. 3.11 Innovative Profiling Capabilities With VitalQIP software, customers can easily create a base of network and customer information that allows defining and managing subnets and network services. The Lucent DHCP and DNS Servers allow © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 32 VitalQIP Product Description Features leveraging key information across a common centralized database, streamlining administration and improving the integration of multiple applications. 3.12 Flexible Subnet Management Today’s networks must be updated constantly to keep up with frequent moves, mergers, and reorganizations that cause address space to become fragmented. VitalQIP software handles true Variable Length Subnet Masking (VLSM), so subnets can be easily split up or joined with other contiguous ones, eliminating the need for time-consuming manual spreadsheets. By providing a view of the entire IP infrastructure, the software provides a customizable management framework that allows assigning IP address space to specific administrators or groups of administrators across domains, networks, and subnets. VitalQIP software makes changes and implements reconfigurations quickly and seamlessly, allowing copying an existing subnet’s information, such as the mask, to the newly created subnet. It allows also setting thresholds that, if exceeded, automatically generate warning messages. 3.13 Customized User Interface VitalQIP software delivers a user interface that streamlines operations and allows planning, modeling, and building an IP network that truly reflects the organization’s structure and goals. For instance, the user-definable attributes capability can be used to track information within the VitalQIP software. The new feature called My-View within VitalQIP, will provide additional flexibility in tailoring the GUI view to the end User and how network hierarchy diagrams are displayed. These user-definable views improve ease-of-use by providing customer-specific representations of network objects. 3.14 Administrative Roles An Administrative Role is a collection of infrastructure components that can be assigned to an administrator as a part of their Managed List. By using an administrative role to assign common access to administrators, VitalQIP software allows adding new infrastructure to the role, with all administrators associated with that role given access to the infrastructure. Administrative Roles can greatly simplify the administration process for customers with medium to large numbers of VitalQIP administrators.. 3.15 Secure Dynamic Update Support A new capability that was introduced in release 6.0 allows VitalQIP software to send Secure Dynamic Updates (GSS-TSIG Algorithm) to the newly enhanced secure Lucent DNS Server as well as Microsoft Windows 2000/2003 DNS. With this protocol, both the DNS server and the resolver authenticate with Kerberos network authentication protocol. 3.16 Single Login For VitalQIP Software VitalQIP software supports a single database login, eliminating a database level login for each VitalQIP software administrator. This makes database administration and upgrades simpler, as well as reduce the security risk associated with people having access to the database through tools supplied from the database vendors. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 33 VitalQIP Product Description Features 3.17 Ability to Change DNS Options on Multiple Domains Simultaneously VitalQIP software allows the administrator to pick multiple zones (domains/reverse zones) and specify a set of DNS options that will be applied to all those zones without having to open each domain individually. The ability to modify multiple domains simultaneously can greatly reduce operational expenses of configuring the network. 3.18 Push to Remote Server VitalQIP software removes database dependency from remote servers. A new remote server configuration mechanism has been implemented to eliminate database communication between Remote and Enterprise Servers. With VitalQIP software, each Remote Server runs as a service. This service can transfer entire configuration files that are generated by the database, and load them onto the Remote Server. This new functionality reduces overall traffic and improves file generation times for the remote servers. Configuration options are added to allow for data compression, encryption, and authentication. 3.19 Enhanced Go To/Search For Fully Qualified Domain Names VitalQIP administrators can indicate whether go to/search results should utilize FQDNs (Fully Qualified Domain Names) or relative host names. This facilitates locating an object, which has a common host name in many different domains. This enhancement to the Go To/Search feature also reports FQDN results when required. 3.20 ACL Policy templates VitalQIP supports the ability for an administrator to more easily enter access control lists for BIND 8 and BIND 9 DNS servers in named.conf. Also, administrators can assign ACLs to specific DNS servers. The screen shot below on the left illustrates the creation of the ACL template, whereby networks, IP hosts or addresses can be associated with a template, while the screen shot on the right illustrates the assignment of a set of templates to a particular DNS server zone. 3.21 Login Service Authentication Callout VitalQIP Administrator’s logins can be authenticated with third party authentication services such as Radius. VitalQIP supports the ability to authenticate administrators though a “callout” by providing login ID, password, database, and product type to be authenticated and then only providing access to the VitalQIP administrative GUI after successful authentication. The callout return provides the ability to change the login name for added database access security and to customize the failure result message, e.g., instructing the user to contact the help desk. 3.22 Redundant Schedule Service Schedule Service redundancy has been implemented in VitalQIP to provide a high level of fault tolerance. With VitalQIP, the Schedule service can be configured to execute on multiple servers. When configuring multiple Schedule Services, an improvement in throughput of scheduled tasks can be achieved. Also, with VitalQIP the services and the user interfaces can provide failover to replicated databases without administrative intervention. This feature also allows for the ability to prevent user and service access to the database during planned maintenance by setting a global database state. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 34 VitalQIP Product Description Features 3.23 Job Scheduler The Job Scheduler feature is designed to avoid the user having to wait an indeterminately long time for a request to complete, and to allow for jobs to be scheduled to run at a later time. All jobs are run as the VitalQIP Administrator who scheduled the job. 3.24 DHCP Option 82 support VitalQIP supports and records in the database and displays Relay Agent Information option or “Option 82” information provided from Message Service from the DHCP server. “Option 82” information can also be routed to the Audit Manager process and stored within the Audit Manager database. VitalQIP also supports the configuration and push DHCP of new RFC configuration data, including the new domain search (RFC 3397), classless static route (RFC 3442), and CableLabs client configuration (RFC 3495) options, to the Lucent DHCP 5.4 server. VitalQIP 6.1 administrators can also configure and push DHCP Long Options (RFC 3396). In addition, VitalQIP supports the ability to change the DHCP server debug level, stop debug, or clear the debug log from the VitalQIP GUI. This enhanced debug control is induced via the Network Services -> DHCP Generation screen. 3.25 Windows Support VitalQIP software continues its market-leading support of Microsoft Windows DNS/DHCP servers with support of sites and subnets in Active Directory. VitalQIP software currently manages information about subnets and subnet organizations, which are used to model Windows sites. To avoid the tedious and error prone task of having to re-enter the information into the Windows management console, VitalQIP software provides an export mechanism for the subnet and subnet organization information to be retrieved and imported into the Windows 2000 Active Directory as subnets and sites. 3.26 Microsoft Secure Zones A zone may be marked as secure only if it is Active Directory integrated. Non-directory integrated zones cannot be secured. When a secure dynamic update is made to a secure zone, the security verification generally occurs in two stages. First the GSS-TSIG protocol is used to verify the identity of the updater. Second, the DNS server takes the update and uses the updater’s security context to update Active Directory with the new information. At this stage Active Directory’s access security mechanism is invoked for this “secure zone”. Active Directory keeps access control information with each entry in Active Directory. This access control information specifies who owns the entry and who is allowed to access it. If the access control information does not forbid the updater from making changes to the Active Directory entry it is trying to modify, then the update succeeds. At this stage, if the entry had no security or did not previously exist, the access control information for the entry is updated such that only the updater (and administrators) is allowed to make changes to the entry. There is one exception to this rule. That is when the updater is a member of a special security group called DNSUpdateProxy. Objects created by members of the DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the objects. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 35 VitalQIP Product Description Features While VitalQIP will not store the Active Directory access control information, it will require the user to create two new Windows 2000 users for QIP. One will be a normal user, referred to as a Strong user. The other will be a member of the DNSUpdateProxy security group, referred to as a Proxy user. When static objects and RRs are modified in a secure zone, VitalQIP will use the Strong user context to do the update. This will cause VitalQIP to be the only user that is allowed to modify those entries, thus locking out random clients from stealing DNS entries that were entered by VitalQIP. When EDUP objects and RRs are updated, the Proxy user context will be used, thus allowing external users to make modifications (and take ownership of) those entries. When dynamic objects are updated, the user may possibly want to allow the DHCP client to take ownership of the name and make subsequent updates to DNS itself. In this case, QIP will use the Proxy user context. On the other hand, users may feel more comfortable with VitalQIP managing the DNS updates for the dynamic clients and not allowing the dynamic clients to update the zone at all. In this case QIP will use the Strong user context to do the updates, thus locking any other users out of being able to modify the information. 3.27 Changed Records Push VitalQIP provides an option to execute pushes of changed records only to Active Directory DNS reducing tombstoned records. Pushing only changed records significantly reduces replication traffic between domain controllers, and allows clients to maintain ownership of resource records they have placed in DNS. This option will only be provided when a Windows 2000 DNS server type is selected. 3.28 Secure Messaging VitalQIP can dynamically update secure MS DNS Zones. In addition, all DNS and DHCP Push Requests and DHCP Lease traffic can be secured by configuring SSL within the VitalQIP product. This also offers “Real World” encryption for database login information. All communication packets between servers can be encrypted, ensuring security within your organization. 3.29 DNS & DHCP Server Compatibility The Lucent DHCP Server can update both primary and secondary DNS servers with resource record information as DHCP leases are granted and deleted. The Lucent DNS Server fully supports Incremental Zone File Transfer, RFC 1995 (IXFR), across UNIX and Windows platforms. The Lucent DHCP Server supports a many-to-one hot fail-over to another DHCP server in the event of server outage. This feature provides the high availability and reliability required for IP address services. 3.30 DNS – Domain Name Server and Dynamic DNS Alcatel-Lucent Technologies has taken an open, non-proprietary approach to DNS management. AlcatelLucent’s focus is on integrating and supporting the latest commercial releases of Internet Software Consortium - BIND (ISC BIND) code across multiple platforms. All DNS communications and configurations are standards based. Alcatel-Lucent’s approach offers the customer a number of advantages: © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 36 VitalQIP Product Description Features • Because of VitalQIP software's unique design and open approach, companies can choose to deploy any vendor's BIND-compliant DNS server. The software can be used to manage these DNS servers in much the same way as it manages its own DNS Server • Alcatel-Lucent allows customers to deploy and manage Alcatel-Lucent DNS services on either standard base servers or the Alcatel-Lucent Appliances. By supporting heterogeneous deployments, customers can protect their investment and have the flexibility to deploy on their platforms of choice • VitalQIP software currently supports both BIND 8 and 9 on servers as well as the AlcatelLucent Appliances. By concurrently supporting multiple releases of BIND, the software allows customers to have an orderly migration to new releases • Alcatel-Lucent enhances the ISC BIND code, as needed, with coding extensions to accelerate adoption of key RFCs demanded by the market. As updated versions of BIND become available, Alcatel-Lucent Technologies adopts the new ISC BIND and extends it with any critical features not yet incorporated. DNS zone and data configurations are performed through the VitalQIP client and stored in the enterprise database. Configuration attributes include: • Domain Name • Scheduled update intervals (for serial number increments) • Zone directory • Zone e-mail • BIND Version (selective to server – 8.x, 9.x, and MS 4.0, Windows) • Additional Start of Authority Record (SOA) attributes (information about the zone: refresh, retry, expire) • Most common BIND 8.x and 9.x directives (notify, also-notify, allow updates • Secondary servers and secondary BIND versions • Corporate extensions – allow for additional directives/statements to be included in named.boot and named.conf files • Domain extensions – provide the ability to include data files not managed by VitalQIP software. 3.31 Configuring Remote DNS Servers Once the initial domain information is configured, VitalQIP software will generate all files necessary to boot on the remote DNS server (named.conf, named.local, root.zone, named.root, and all zone data files). This process is accomplished via the software, and the qip-rmtd (remote service) processes running on remote machines. In the event that a primary server crashes or loses its data, this process quickly allows administrators to reconfigure a new primary server in a matter of minutes. VitalQIP software initiates a TCP connection to the remote server via a specific port number. The remote process (qip-rmtd) then initiates a transfer of its configuration files from the database. This data is then saved to the local directory and a kill –HUP performed against the named process to reload the data. Dynamic DNS is also configured to be on/off at this time (based on a configurable system policy). © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 37 VitalQIP Product Description Features VitalQIP software performs a complete generation of all named.conf and zone data files. Alcatel-Lucent Technologies will implement an incremental primary update in which only changes within the database will be updated to zone files. Incremental Zone Transfers (IXFRs) are supported by Alcatel-Lucent as an extension to BIND 8.x. Once the configuration files and zone data files are generated there is no further communication required to the Enterprise database server. The DNS servers operate independently of the database and perform based on the DNS standards. In the event a remote DNS server operates on an operating system not currently supported, VitalQIP software provides a mechanism in which DNS configuration files can be generated locally. Using the software’s DNS user-exit, the files can then be transferred to the remote server (via ftp, rcp, or srcp). 3.32 Dynamic DNS VitalQIP software provides two (2) methods for dynamic DNS updates: • Static addresses • Dynamic addresses via DHCP If enabled, all static address assignments, performed through one of the user interfaces, can be dynamically updated to primary and secondary DNS servers. Alcatel-Lucent provides the additional functionality to secondary DNS servers so corporations could point a client’s primary resolver to the dynamically updated secondary DNS server instead of the primary DNS server and immediately resolve static assignments without zone transfers. Alcatel-Lucent also provides standards based (RFC 2136) dynamic updates to cache. It supports dynamic updates to 4.9.7 and 8.x primary, secondary, master and slave servers. Dynamic DNS can also be performed from DHCP servers as addresses are leased, released, or renewed. Depending on corporate procedures and processes, dynamic updates can be enabled, or disabled, from all remote services. Control of dynamic updates can then be passed to the enterprise server where intelligent processing of data can occur. An example of this processing would be determining if a host name is unique and making appropriate changes as needed to enforce unique name requirements. 3.33 DHCP - Dynamic Host Configuration Protocol Alcatel-Lucent’s DHCP server is a high-performance, RFC-compliant (2131/2132) and scalable DHCP solution to provide large corporations with dynamic allocation of addresses. DHCP is supported on Sun, Windows and Linux and provides the following types of dynamic allocations: • Dynamic DHCP – lease based • Manual DHCP – Fixed client-identifier to IP • Automatic DHCP – no Client identifier (CID) required • Manual BOOTP – CID to IP • Automatic BOOTP – No CID required © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 38 VitalQIP Product Description Features Alcatel-Lucent’s DHCP is a totally open system environment and provides support for multiple versions of DHCP on various platforms, including support of native Microsoft DHCP and IBM DHCP. VitalQIP also allows the ability to customize how a server responds or processes DHCP packets through an integrated API. 3.34 Configuring DHCP Servers VitalQIP software provides an intuitive interface for the configurations of DHCP servers and the server’s policies. Examples of the available policies are: • Registered clients only – The ability to restrict the assignment of DHCP addresses to “known” clients via the client-identifier field. • Dynamic Updates – Turn on/off dynamic DNS updates from a DHCP server. • Accept Client Names – Turns on/off the ability to update the enterprise server with client host names. • Synchronize Servers – Scheduling of database side active lease synchronization. This allows the database to extract MAC address and host names currently active in a DHCP server’s lease files. Alcatel-Lucent has implemented several new policies that are included in the VitalQIP software release. 3.35 DHCP Intelligent Templates By re-using infrastructure configuration data and object class types such as routers or servers, AlcatelLucent facilitates the managing and configuration of DHCP templates. (DHCP templates define what DHCP options are passed to a client when assigning leases.) Most DHCP server vendors require that templates be created and that information such as default routers, which typically change per subnet, be statically defined in the template. This can result in thousands of templates (since each router must be unique) and extensive support/administration. VitalQIP software allows for minimal template configurations to be used for entire enterprises or service provider networks. As an example, when a subnet is defined a device may be added with an object class of router. When a DHCP scope/registration is performed, VitalQIP software will “dynamically” extract that router address and define the default gateway in the DHCP configuration file as that address, eliminating the need to statically define the router in the template. Intelligent templates also make the task of migrating from one address space to another quick and easy (no templates are required to change). All templates are created through a graphical interface. Options include the name, RFC option number, and third-party tag information if applicable. 3.36 Managing DHCP ranges All DHCP registrations and ranges are created through the VitalQIP administrative client interface, web, or command line utilities. DHCP ranges can be created using contiguous or non-contiguous addresses. Additionally, addresses can be modified, deleted, or ranges extended based upon the user’s preferences without affecting the entire range. With DHCP, modifications can be made at any time to any DHCP/BOOTP address (including changing the allocation type, template, DHCP options). © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 39 VitalQIP Product Description Features 3.37 DHCP Failover Alcatel-Lucent’s VitalQIP supports configuration of failover servers. Failover of this server is provided as many-to-one failover server (one backup for many primaries). ALU DHCP failover uses a heartbeat mechanism to detect if a server goes down. Upon loss of connectivity between a primary and a failover, the failover server will wait a specified time interval, which is configurable, before becoming active. This can be configured to be nearly instantaneous. Once the configured time interval has passed and the failover cannot re-establish communication with the primary DHCP server it will begin responding to lease requests. When the Primary DHCP server is brought back online the secondary will be notified through the heart beat. This will initiate an update of the failover lease database using the primary as the authority. This then results in the primary seeing and handling the request. 3.38 Third-party DHCP Servers VitalQIP software provides the ability to manage and configure selected third-party DHCP servers, their configuration files, and active leases. These servers are: • Microsoft Windows DHCP 3.39 Database and DDNS Updates By integrating the DHCP process with the enterprise server and DNS servers, DHCP provides real-time updates to the VitalQIP database and dynamic DNS servers. Alcatel-Lucent also provides a message queue that handles these updates and guarantees message delivery to the database or DNS servers. The message queue allows the administrator to configure how updates should occur: • VitalQIP Database • DNS • Both • DNS Backup – If the database is not available, continue to update DNS. Should either the VitalQIP database or DNS (depending on the policy above) be unavailable, the message queue service will continue to retry the updates until successful. 3.40 VitalQIP Administration One of the most powerful features of the VitalQIP software is the ability to distribute IP management responsibilities within divisions and departments of a company. The administrator policies establish the individuals who will manage the network or portions of the network and what impact they will have on their assigned portions. Alcatel-Lucent provides multiple levels of administration. Multiple User Interfaces- Network managers and administrators can utilize their tools of choice to work with VitalQIP software. Comprehensive graphical user interfaces running on either Windows © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 40 VitalQIP Product Description Additional Product Features NT/95/98/2000 or UNIX Motif may be selected. Alternatively, VitalQIP software’s customizable web interface may be used as the preferred interface for ubiquitous, secure access to the software. 3.41 MyView With the possibility of millions of address pools, blocks, domains, resource records and infrastructure objects, the amount of data in the VitalQIP database can become quite unwieldy for administrators who need to perform their daily tasks efficiently. MyView Hierarchy Management enables a master or organization administrator to define and set up views of the system that have a narrower scope, views that can then be assigned to one or more normal administrators, and thereby allow them to focus on their daily activities and only the infrastructure items for which they are responsible. 4 ADDITIONAL PRODUCT FEATURES Historically, VitalQIP has offered a number of different modules that were sperate from the core product. With VitalQIP 7.2, a number of those modules have been packaged with the core product – such as AutoDiscovery and Address Allocation to provide more value-add functionality. A few modules are still kept separate. This section describes the these additional modules add-on applications that are available with VitalQIP. These add-ons are certified to operate in conjunction with VitalQIP. 4.1 VitalQIP Audit Manager Module Audit Manager is an application that tracks DHCP lease information, VitalQIP static and dynamic object definitions, and Domain Controller login/logout information. (A domain controller is a system dedicated to processing user authentication for Windows domains) The information captured and collected can be audited using the graphical user interface. Audit Manager also has the capability to generate alerts when an IP address, Media Access Control (MAC) address, and/or hostname have been used. Audit Manager is not dependent upon VitalQIP, but it does rely on VitalQIP for information about static and dynamic objects. It can be used with other DHCP Servers and messaging devices, such as the Windows Primary Domain Controller (refer to Microsoft's web site, http://www.microsoft.com/, for more information). Components of Audit Manager can run on both UNIX and Windows platforms, except the Audit Manager graphical user interface and the VitalQIP Domain Controller Logon Audit Service. The graphical user interface runs on Windows 2000/2003/XP, and the VitalQIP Domain Controller Logon Audit Service naturally runs only on a Domain Controller, i.e., Windows 2000/2003. Audit Manager collects, accesses, and manages data from VitalQIP, DHCP Servers, and Domain Controllers by: • Collecting and auditing DHCP lease information; such as an IP address a DHCP lease has given. • Collecting and auditing VitalQIP ® static and dynamic object definitions. Object definitions include user information, billing information, and other types of information associated with an object. • Collecting and auditing Domain Controller login/logout information. • Generating alerts when an IP address, hostname, of MAC address has been used. • Searching a database for data that has been collected and/or archived. • Generating auditing reports. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 41 VitalQIP Product Description Additional Product Features 4.1.1 VitalQIP Services Manager Module Services Manager is an application that allows the user to monitor and control the status of defined system services, such as DHCP, DNS, and more. This module is developed to work with VitalQIP where it is deployed on traditional Servers, not appliances. As was mentioned previously, an appliance based solution incorporates monitoring of services via the Appliance Management Station. Services Manager provides monitoring and reporting on the activity of the various DDNS and DHCP servers. Each service running on a server can be monitored and stopped and started by an authorized administrator. With the remote server there are service manager agents or probes, which report to the Services Manager system. These agents can respond to requests from Services Manager an either report on processes or stop/start them. The central system is NT or Unix based with agents running on all platforms supported by VitalQIP. At any moment the status of a particular service can be seen as well as its statistics. For example the number of DNS resolves or the lease count by subnet for a DHCP server. As these statistics are accumulated they are reported on a poll interval and placed in a history file for reference and planning purposes. It can be used for determining server placements and load balancing. Any status change can result in an alert for example like a DNS process or the message service process. Alerts are handled through Services Manager Director (Central system) and are e-mail based. These e-mails can be linked to pagers and specific messages sent. Alerts can also be generated from the probe function. This unique function provides the ability to specifically send a request from a remote agent to a remote server across the network and verify that the response is as expected. Agents can reside both on the servers and any NT or UNIX supported platform. There are three major architectural components to Services Manager. • The Services Manager Interface • The Agents • The Director The Services Manager Interface is the Windows graphical user interface (GUI) that you will use to manage the servers and services on both UNIX and Windows platforms. Through the interface, you can define the services for servers, start/stop services, and gather statistics on services. The Agents also reside on either a UNIX or Windows system and handle the communication to the servers and services. The Agent Manager does the installation of agents automatically based on the identification of new services. You can install any number of Agent Managers on your network, but only one Agent Manager per system. The Director is the engine that processes, stores, and directs the information regarding servers and services from the Agent Manager to the Interface. There is only ever one Director, and it can reside on either a UNIX or a Windows system. A View is a visual hierarchy of servers and services. There are two types of views in Services Manager. A Services Manager administrator must first set up the Director View, which then enables the Services Manager administrator or other network administrators to set up the Operating Views. The Director View is the hierarchical view that encompasses all servers and services on the network. The Director View is the whole "pie" of servers and services that you plan to manage using Services Manager © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 42 VitalQIP Product Description Additional Product Features The Operating Views are pieces of the pie, or smaller chunks of the network's servers and services that you expect to be managed together. The Operating Views cannot be set up until the Director View is set up. The pie cannot be cut unless it has been made. Operating Views can overlap. In other words, you can have servers and services belonging to more than one Operating View. Users are set up after the Views are defined. More than one User can have management privileges over the same view. 4.2 VitalQIP Registration Manager Module Registration Manager provides the ability to deny or limit network access by using the DHCP protocol for IP address assignment. Unregistered DHCP users are given limited access to a user registration web site. Once authenticated and registered, the users are granted access to the network based on their defined access level within Registration Manager. Registration Manager can be used by organizations, such as college campuses, to automatically register a student's personal computer within Registration Manager and control access to the campus network. In a corporate setting, Registration Manager can help to provide access to the corporate network for registered users while denying access to unauthorized DHCP users. Service packages are defined within Registration Manager for each User Class or access level to be serviced by the system. Service packages define the level of service the associated user receives. Registration Manager can also limit the number of DHCP-enabled systems that any user may have active on the network. The host name of the system that is registered dynamically in DNS can also be controlled through Registration Manager. Registration Manager works in conjunction with the Lucent DHCP Service. VitalQIP configures and manages the Lucent DHCP Service. By using VitalQIP and Registration Manager, DHCP option values may also be defined based on the service packages defined within Registration Manager. Registration Manager issues addresses to DHCP users from any network location and denies access to unauthorized users. Registration Manager enables an association between the user, the hardware address of their system (MAC address), and the assigned IP address. By associating the MAC address to the user and not only to the machine, the Registration Manager benefits a mobile user. Once the mobile user is registered, the user can use their device anywhere on the network where they are authorized, without re-registering. This provides a seamless approach to gaining the benefits of DHCP. The user profiles (referred to as Subscriber Profiles), MAC addresses, and IP address associations are stored within the Registration Manager directory server. Registration Manager also works with Audit Manager, to record a user-to-IP address assignment from a historical auditing perspective. Registration Manager has three major components: • Registration Manager web server • Registration Manager remote server • Registration Manager client Each component is comprised of sub-components that usually include services, an interface, or web server. 4.2.1 VitalQIP Workflow Manager Module Workflow Manager is a robust workflow engine with a rich feature-set and a highly scalable three-tier architecture. It has been proven to perform in a production environment for the past 7 years. Customer installations include a wide range of throughput requirements from 100 orders/day to 700,000 order/day using the same code base of the product. It is developed on an object-oriented platform that provides robust interfacing options. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 43 VitalQIP Product Description Additional Product Features Workflow Manager has the flexibility to operate as an autonomous workflow engine as well as an embedded workflow engine as defined by the Workflow Management Coalition (WfMC). It also has the robustness of an independent Activity Manager with its own Web-based Activity Management GUI. Since it doesn’t carry any application specific functionality in its architecture, it is a highly efficient flow engine. Workflow Manager comes with a Java-based platform that offers a wide variety of configuration options. Tasks are delivered with default implementation and customers can customize the tasks themselves and install them dynamically. The platform also offers multiple protocol choices for interfaces that include “idl” over CORBA, ‘xml” over JMS etc. The graphical business flows are stored locally in files using “xml” format before they get loaded into the “Model DB”. “XmlSchema” is available for the format of the models thus making it easy to import/export to other workflow systems. The model analysis tool developed by Bell Labs allows modelers to query the models in different ways to aid in the validation of models. Integration to popular EAI platforms like TIBCO is available. Multiple applications can use the same instance of Work Manager using global process flows as shown in the above picture. The Worklist GUI will show an integrated view of the various applications. This kind of configuration allows Vital Work Manager to act as a natural integrator of applications requiring workflow control. Workflow Manager has three main components: • Modeling Tool (WMTL/WFE-II) – Easy to use graphical process definition tools, which allow a modeler to create process models independently without the core engine dependency. WMTL GUI allows customers to create tasks and provide implementation using either java or “java properties”. • Core Engine – Processes workflows and monitors them. • Worklist GUI – Web-based user interface (GUI) to initiate flow activation and to monitor work activities/events. 4.3 VitalQIP Alcatel-Lucent DHCP Rules Manager Alcatel-Lucent DHCP Rules Manager (LDRM), a VitalQIP service, used as an extension to the AlcatelLucent DHCP, provides the ability to override most DHCP packet values, and to do so conditionally, that is, based on other DHCP packet values. LDRM enables VitalQIP users to author custom rules for modifying fields and options of both incoming and outgoing DHCP packets developed in Jython, an implementation of the high-level, dynamic, object-oriented language Python which is integrated with the Java platform. With LDRM, the DHCP server can still be configured through option templates associated with address scopes and client classes to assign option values. If LDRM assigns values for the same options as are defined by the address scope or client classes, the LDRM assigned option values take precedence. For example, after receiving a message, LDRM can read one or more of several fields and options in the message and perform the following functions: • Execute desired logic to override one or more of several fields and options in the message • Set any of dozens of options to be used in the associated outgoing message • Send the overridden values and the options for the DHCP service to use © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 44 VitalQIP Product Description Additional Product Features After receiving this information, the DHCP Service processes the message and replacement values for it, and, if appropriate, sends a response back to the DHCP client using the options provided by LDRM. LDRM can perform other functions beyond those described above. For example, LDRM can provide a suggested subnet to the DHCP Service from which it selects an IP address to lease to a client. Also, LDRM can execute authorization-related logic, and instruct the DHCP Service to drop a client packet and not respond to it. 4.3.1 VitalQIP ENUM Manager VitalQIP ENUM Manager provides a centralized management solution enabling administration of ENUM domains (e.g., e164.arpa.) and the Naming Authority Pointer (NAPTR) records in VitalQIP® and the Lucent DNS server. VitalQIP® ENUM Manager provides the ability to administer ENUM records in the VitalQIP® database and manage and update Lucent DNS servers. Lucent’s DNS server resolves queries for telephone number to URI/URL translation for On-Net calling and other ENUM capabilities. Using an XML/SOAP interface, E.164 records can be loaded from a variety of sources into VitalQIP®. The interface supports dynamic loading of new records from provisioning systems, such as AlcatelLucent Technologies eSM in IMS networks, and bulk loading records from databases for initial population of E.164 records. ENUM Manager stores this data in the VitalQIP® ENUM database. VitalQIP® ENUM Manager accesses this database, and uses this data to update Lucent DNS servers, either through Dynamic DNS updates or zone file pushes. Administering ENUM records is via a VitalQIP® ENUM Web GUI. The ENUM Manager GUI allows an administrator to manually create, update, delete, and search the NAPTR records. The administrator simply populates a few fields and, once executed, the record is pushed to both the VitalQIP® database and the Lucent DNS server. ENUM manager features the ability to split and merge ENUM domains in order to fit your network topology. The ability for an administrator to search the ENUM database is an essential component of effective ENUM record management 4.4 Computing Platform Requirements and Options 4.4.1 Supported Platforms VitalQIP is supported on a number on traditional server as well as Alcatel-Lucent Appliances. On a traditional server, VitalQIP supports Sun Sun Solaris, Windows and Redhat Linux for the Enterprise server. On the Alcatel-Lucent Appliance, RedHat Linux is supported. 4.4.2 High Availability Architecture VitalQIP provides many-to-one DHCP server functionality. This means that a single secondary DHCP server can be the backup for multiple primary DHCP servers. The transition between primary and secondary servers is totally transparent to the clients requesting leases. The Alcatel-Lucent Appliance solution also provides DNS primary and back-up confgurations for enhanced DNS High Availability functions. Although VitalQIP is not certified on any high availability hardware architecture, deployments of VitalQIP are running on UNIX high availability (cluster) platforms with high availability databases (e.g., Oracle Transaction Application Failover). © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 45 VitalQIP Product Description SyStem performance and reliability VitalQIP has been deployed on hardware vendor supported high availability configurations. 5 SYSTEM PERFORMANCE AND RELIABILITY VitalQIP has been architected to provide the industry’s leading performance and reliability. In a traditional server environment, the DHCP server has been benchmarked by Exodus Labs at successfully dispensing over 79,000 DHCP leases per minute. These leases are the full four-packet DHCP exchange, not including "renews." This is the highest performance as reported by an independent testing agency. The DNS server has been clocked at over 10,000 DNS queries per second, which is on the order of industry performance. Performance of other components such as administrative clients and the database can be engineered and configured according with specifications especially with respect to memory. The Alcatel-Lucent Appliance follows in the same path by providing the best price performance solution in the market today. Model 1000 Appliance Powered by a high performance 64-bit Architecture Intel® Core™2 Duo Processor on a 1U form factor platform. • DNS: 36,000 Queries per Second • DHCP: 3,200 Leases per Second Model 5000 Appliance Powered by two 64-bit Dual-Core Intel® Xeon® Processors in a NEBS-3 compliant 1U form factor platform with mirrored RAID 1 and dual power supplies. • DNS: 95,000 Queries per Second • DHCP: 6,400 Lease per Second The reliability of VitalQIP is also based on customer needs and design. The DHCP failover mechanism provides for highly reliable DHCP service to clients via hot sparing type functionality. The DNS architecture is inherently redundant, and Alcatel-Lucent fully supports this. Other VitalQIP services can be distributed for high reliability. The use of database add-ons such as Oracles’ Transaction Application Failover (TAF) can also be employed to support a highly available system. 6 OPERATIONS, ADMINISTRATION AND MAINTENANCE The VitalQIP administrator can install, configure, and maintain the IP Name and Address services. The administrator also can monitor service and capacity levels. Administration can be performed either at the central site or remotely. Regularly performed administration such as database backups, reclaiming of addresses, and file transfers to the DNS and DHCP server processes can be scheduled to execute at a certain time or at a certain interval. All tasks can be executed from the GUI interfaces or from CLI commands. This is further enhanced by the ability to deploy VitalQIP architecture on a full appliance based solution. This easies not only the set-up but also the administration and pact management. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 46 VitalQIP Product Description What’s New in VitalQIP 7.2 6.1 Security VitalQIP uses the Administrator Profile to define the administrative policies, privileges, and roles of those individuals who are expected to manage the network or portions of the network, and to define what impact they have on their assigned portions. In VitalQIP, you define the different types of administrator and assign privileges to each administrator profile. For example, you can establish an administrator profile that has read-only permissions to an entire "organization" or all the components and/or objects within that organization, based upon the administrator type chosen. The four types are Normal Administrator, Master Administrator, Organization Administrator and Read-Only Organization Administrator. Also with Managed Lists, you define the components of the network for which the administrator is authoritative. The privileges you establish in the Administrator Information tab apply to all the selections you make in the Managed List tab. If you are setting up similar profiles for several administrators, you should consider defining an administrative role and assigning it to each profile. That way, if there are infrastructure changes to the network components assigned to the role, you need only update the administrative role and save yourself the trouble of having to update each administrator profile to reflect the modified infrastructure. To customize, you specify the menus that the administrator whose profile you are creating can access. You can also define how the hierarchy appears when it is expanded by setting the domain folder and quick view options. Each Administrator name or ID must be unique. Delegated administrators can optionally create other administrators. Audit Logs are created for logging of addresses usage, administrator additions, deletions and modification to the infrastructure. Administrators using web interfaces can utilize secure sockets layer, SSL. File transfers (pushes) can be configured to provide a level of encryption for the transfer of information between DNS servers. Access control lists on remote servers can be used to limit the IP addresses from which the server will accept updates and configuration information. Secure dynamic DNS updates via GSS-TSIG provide an additional authentication security mechanism for updating DNS servers. VitalQIP provides an online backup procedure for securing of the data outside of the VitalQIP system. Three types of backups exist, one for backing up the master database, one for the VitalQIP database and one for backing up the transaction log. All backups can be performed to a tape file or a disk file. 6.2 Disaster Recovery VitalQIP provides many-to-one DHCP server functionality. This means that a single secondary DHCP server can be the backup for multiple primary DHCP servers located at different sites. The transition between primary and secondary servers is totally transparent to the clients requesting leases. Although VitalQIP is not certified on any high availability hardware architecture, deployments of VitalQIP are running on UNIX high availability platforms that conceivably could be remotely housed and many cases customers use third party appliances to support this. In the appliance architecture many-to-one DHCP server functionality is supported as well as DNS failover. 7 WHAT’S NEW IN VITALQIP 7.2 VitalQIP release 7.2 continues to enhance the next generation web services architecture, enriching the user experience through state-of-the-art web GUI and additional features to better fit customers’ operational environment. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 47 VitalQIP Product Description What’s New in VitalQIP 7.2 Some of the key enhancements of R7.2 are: • New Web Based GUI Enhancements • DNS Views • Managed Files • Enhanced Reporting and Auditing. • Enhanced My View capability The feature highlights below provides additional details around these capabilities. If you are not familiar with the other features that were made available in the previous 7.x releases (new scheduler, IPv6, etc.etc), please refer to the other new feature documents. All of previous release features are carried forward from release to release. 7.1 Next Generation Architecture and New Web UI The introduction of VitalQIP 7.2 continues to expand what began in VitalQIP7.1 and continues to take the product to a new architecture level. Given the maturity of the application, as the market leader, and the extensive customer deployments, Alcatel-Lucent saw the need to create a more flexible platform that allows users to leverage web based technology for the more mobile environment. With VitalQIP 7.2, existing customers will have the capability to upgrade to the new platform and start rolling out the new web GUI to all administrators and users. Alcatel-Lucent is pleased to announce that by releasing VitalQIP7.2, existing and new customers will find that they no longer need to deploy a client based architecture. They in fact will be able to leverage full web based UI support with in the most flexible web based GUI. Customers that are familiar with the new 7.x platform and have viewed the new web GUI will also notice some additional changes in the look and feel of the 7.2 user interface. Alcatel-Lucent is dedicated to ensuring the new product and UI will continue to enhance the users experience. In showing our commitment to this, Alcatel-Lucent has invested in a detailed evaluation of the 7.x UI by outside consultants to ensure that the implementation creates a user friendly experience. The following snapshot reflects some of the visual changes that the user will see in the 7.2 application. The objective is to incorporate recommendations by User Interface experts continue to provide our customers the best user experience with the industry leading product. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 48 VitalQIP Product Description What’s New in VitalQIP 7.2 7.2 DNS Views VitalQIP continues to incorporate support in the centralized management system for BIND DNS like capabilities. DNS Views inherently provides the ability for a name server to present a different configuration to each of multiple sets of clients. Consequently, a DNS server can provide different responses to the same query from different clients. A? A? DNS X A? X Y A? A? DNS X Y VitalQIP supports configuration of DNS Views for Lucent DNS 4.x and Bind-9.x DNS servers. DNS Views, based on source or destination criteria, are used to provide: • Different permissions or restrictions to DNS clients • Different answers to DNS clients © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 49 VitalQIP Product Description What’s New in VitalQIP 7.2 VitalQIP configures zones for DNS Views through one of these methods: • Sharing existing global zone data into a DNS View. Any subsequent changes made to the data in the global zone, except the SOA MNAME and NS records, comprise the zone data in the DNS View. • Defining a zone with contents specific to a DNS View. All new data specified through Object FQDNs and View-specific Node Domain Names in addition to new SOA, and NS records comprise the zone data in the DNS View. Both methods allow DNS to provide different access or restrictions. Only view specific zones can provide clients with answers that are different from the global namespace. There are many scenarios in which a customer may choose to use BIND Views, the following are a few examples: • Customers that use DNS Views to have the DNS server responded differently depending on where the request was located geographically. In this case, customers use geographicallyoriented Access Control Lists (ACLs), and then use DNS Views to direct a client in a particular area to the closest gateway or server for that area. • Another use case is the situation where a name server can provide different responses to queries from internal hosts in an organization’s intranet and external hosts in the Internet. Thereby responded differently to internal and external requests. 7.3 Report Enhancements In the VitalQIP 7.x release incorporated a new reporting package called Jasper Reports. This allows both patch and major releases to incorporate more and more reports to better server our overall customer base and needs. In this release, in addition to new reports, the report hierarchy has been reorganized so that reports for a specific feature can be collapsed or hidden altogether. Enhanced reports available in 7.2: • Audit Reports have been added for Subnet Organization, Network, Organization, DNS View, and Managed Files • ACL Template Usage Reports: List all the Views, Zones, ACLs etc., in which the specified ACL Template is in use. An administrator would use this information before the deletion of an ACL. • Report on Objects by Address Range • Resource Record Report permits Resource Records to be searched by Type of RR (A, PTR, CNAME, MX, and so on), and the level at which it exists (All, Domain, Reverse Zone, and Object) • Report Generation from Search Results for a Node, an IPv4 Object, or Resource Records • Object by Administrator Report • Resource Records by Zone and View Specific Zone Report • View Specific Zone Reports supports DNS Views Resource Records • Audit Reports for Admin Roles and Managed Lists © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 50 VitalQIP Product Description • What’s New in VitalQIP 7.2 DHCP Utilization Report 7.4 Managed Files VitalQIP provides a new feature called Managed Files as a mechanism to centrally manage files distributed to remote servers. Managed Files can be used to distribute callouts, scripts, zone files, and BIND include files, or any other text-based files to remote servers. Managed Files can be used in conjunction with server side callouts to replace or augment the VitalQIP-generated server configuration. Managed Files can be used as DNS include files to publish the same set of relative host names in different zones. The same data gets published in multiple zone files and thereby gets different FQDNs. This feature can be used by customers extensively to provide more flexibility in managing files within VitalQIP, as an example, a customer could use this for VoIP Phone configuration files that are required. 7.5 MyView MyView gives administrators and users the ability to narrow down and refine the scope of tasks visible to a user so that a user can better focus on their specific tasks that they work on. In addition, it provides the ability to define a customized hierarchical view of data. This provides further refinement and simplification for more efficient operations. As users expand the use of VitalQIP in their operations environments globally, the ability for administrators to refine the UI ‘view’ to allow for focus to be on specific tasks that are relevant to a users job definition by simplifying the feature set that individual users are responsible for to view on their GUI screens becomes critical. MyView feature allows administrators to define various hierarchal views of the data. Thereby presentation of the hierarchy can be user-defined depending on the business focus and breakdown. As well as to create Views and assign to other administrators and users. In an environment where IT organizations are continually looking to increase efficiencies in each employee, being able to further simplify the UI where they perform their specific functions allows for increased productivity. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 51 VitalQIP Product Description What’s New in VitalQIP 7.2 Customize Administrators view with the MyView feature Normal administrator logged in with a custom view that allows them to view only what they need to see. Many tabs are missing The view can be customized further by the normal administrator. Notice this admin only has access to Region 1 and no other regions All Rights Reserved © Alcatel-Lucent 2009 •16 | Alcatel-Lucent Enterprise Forum 2009 © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 52 VitalQIP Product Description What’s New in VitalQIP 7.2 7.6 What’s New in QIP Appliances for QIP 7.2 VitalQIP Anycast DNS Why Anycast? Multiple Servers share same IP Address Client Transparency DNS Server Reliability (Failover) Distributed Response to DoS attacks DNS Service Load Balancing 10.0.0.1 (lo) Client Query: www.dns.com 192.168.1.10 (eth0) www.dns.com. IN A 10.0.0.1 Router 1 DNS Server 1 Router 2 10.0.0.1 (lo) 192.168.2.20 (eth0) Routing Table: Destination Next Hop Distance 10.0.0.1 Router 2 1 10.0.0.1 Router 3 2 Router 3 DNS Server 2 Router 4 All Rights Reserved © Alcatel-Lucent 2009 •28 | Alcatel-Lucent Enterprise Forum 2009 DHCP Manager ALU AMS QIP not needed for single small networks. As the customer needs grow QIP can be introduced and all data migrated into QIP ALU AMM DHCP remote Future ALU DHCP support in other ALU equipment without the need of QIP ALU AMS GUI •29 | Alcatel-Lucent Enterprise Forum 2009 All Rights Reserved © Alcatel-Lucent 2009 © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 53 VitalQIP Product Description 8 Standard compliance – RFC’s supported STANDARD COMPLIANCE – RFC’S SUPPORTED VitalQIP is an IP Name and Addresses management system that has been developed in accordance with IETF DHCP and DNS RFC specifications. 8.1 DNS RFCs RFC952 DOD INTERNET HOST TABLE SPECIFICATION RFC1032 Domain Administrators Guide RFC1033 Domain Administrators Operations Guide RFC1034 Domain Names - Concepts and Facilities RFC1035 Domain Names - Implementation and Specification RFC1101 DNS Encoding of Network Names and Other Types RFC1122 Requirements for Internet Hosts - Communication Layers RFC1123 Requirements for Internet Hosts - Application and Support RFC1183 New DNS RR Definitions RFC1348 DNS NSAP RRs RFC1535 A Security Problem and Proposed Correction with Widely Deployed DNS Software RFC1536 Common DNS Implementation Errors and Suggested Fixes RFC1537 Common DNS Data File Configuration Error RFC1591 Domain Name System Structure and Delegation RFC1611 DNS Server MIB Extensions RFC1612 DNS Resolver MIB Extensions RFC1706 DNS NSAP Resource Records RFC1712 DNS Encoding of Geographical Location RFC1750 Randomness Recommendations for Security RFC1876 A Means for Expressing Location Information in the Domain Name System RFC1882 Serial Number Arithmetic RFC1995 Incremental Zone Transfer in DNS RFC1996 A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) RFC2052 A DNS RR for specifying the location of services (DNS SRV) RFC2052 A DNS RR for Specifying the Location of Services (DNS SRV) RFC2104 HMAC: Keyed-Hashing for Message Authentication RFC2119 Key words for use in RFCs to Indicate Requirement Levels RFC2133 Basic Socket Interface Extensions for IPv6 RFC2136 Dynamic Updates in the Domain Name System (DNS UPDATE) (BIND 8.1 Only) RFC2137 Secure Domain Name System Dynamic Update RFC2163 Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM) RFC2168 Resolution of Uniform Resource Identifiers using the Domain Name System RFC2181 Clarifications to the DNS Specification © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 54 VitalQIP Product Description Standard compliance – RFC’s supported RFC2230 Key Exchange Delegation Record for the DNS RFC2308 Negative Caching of DNS Queries (DNS NCACHE) RFC2317 Classless IN-ADDR.ARPA delegation RFC2373 IP Version 6 Addressing Architecture RFC2374 An IPv6 Aggregatable Global Unicast Address Format RFC2375 IPv6 Multicast Address Assignments RFC2418 IETF Working Group Guidelines and Procedures RFC2535 Domain Name System Security Extensions RFC2536 DSA KEYs and SIGs in the Domain Name System (DNS) RFC2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) RFC2538 Storing Certificates in the Domain Name System (DNS) RFC2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS) RFC2540 Detached Domain Name System (DNS) Information RFC2541 DNS Security Operational Considerations RFC2553 Basic Socket Interface Extensions for IPv6 RFC2671 Extension Mechanisms for DNS (EDNS0) RFC2672 Non-Terminal DNS Name Redirection RFC2673 Binary Labels in the Domain Name System RFC2782 A DNS RR for specifying the location of services (DNS SRV) RFC2825 A Tangled Web: Issues of I18N, Domain Names, and the Other Internet protocols RFC2826 IAB Technical Comment on the Unique DNS Root RFC2845 Secret Key Transaction Authentication for DNS (TSIG) RFC2874 DNS Extensions to Support IPv6 Address Aggregation and Renumbering RFC2915 Domain Name System (DNS) IANA Considerations RFC2929 Domain Name System (DNS) IANA Considerations RFC2930 Secret Key Establishment for DNS (TKEY RR) RFC2931 DNS Request and Transaction Signatures ( SIG(0)s ) RFC3007 Secure Domain Name System (DNS) Dynamic Update RFC3008 Domain Name System Security (DNSSEC) Signing Authority RFC3071 Reflections on the DNS, RFC 1591, and Categories of Domains RFC3090 DNS Security Extension Clarification on Zone Status RFC3110 RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) RFC3123 A DNS RR Type for Lists of Address Prefixes (APL RR) RFC3152 Delegation of IP6.ARPA RFC3197 Applicability Statement for DNS MIB Extensions RFC3225 Indicating Resolver Support of DNSSEC RFC3226 DNSSEC and IPv6 A6 aware server/resolver message size requirements RFC3258 Distributing Authoritative Name Servers via Shared Unicast Addresses © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 55 VitalQIP Product Description Standard compliance – RFC’s supported RFC3363 Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS) RFC3364 Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6) RFC3425 Obsoleting IQUERY RFC3445 Limiting the Scope of the KEY Resource Record (RR) RFC3490 Internationalizing Domain Names In Applications (IDNA) RFC3491 Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN) RFC3492 Punycode:A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA) RFC3493 Basic Socket Interface Extensions for IPv6 RFC3513 Internet Protocol Version 6 (IPv6) Addressing Architecture RFC3596 DNS Extensions to Support IP Version 6 RFC3597 Handling of Unknown DNS Resource Record (RR) Types RFC3645 Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSSTSIG) RFC3655 Redefinition of DNS Authenticated Data (AD) bit RFC3658 Delegation Signer (DS) Resource Record (RR) RFC3757 Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag RFC3833 Threat Analysis of the Domain Name System (DNS) RFC3845 DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format RFC3901 DNS IPv6 Transport Operational Guidelines RFC4025 A Method for Storing IPsec Keying Material in DNS RFC4033 DNS Security Introduction and Requirements RFC4034 Resource Records for the DNS Security Extensions RFC4035 Protocol Modifications for the DNS Security Extensions RFC4074 Common Misbehavior Against DNS Queries for IPv6 Addresses RFC4159 Deprecation of "ip6.int" RFC4193 Unique Local IPv6 Unicast Addresses RFC4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints RFC4343 Domain Name System (DNS) Case Insensitivity Clarification RFC4367 What's in a Name: False Assumptions about DNS Names RFC4431 The DNSSEC Lookaside Validation (DLV) DNS Resource Record 8.2 DHCP RFCs RFC1534 Interoperation between DHCP and BOOTP RFC2131 Dynamic Host Configuration Protocol RFC2132 DHCP Options and BOOTP Vendor Extensions RFC2241 DHCP Options for Novell Directory Services RFC2242 Netware/IP Domain Name and Information RFC2485 DHCP Option for The Open Group's User Authentication © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 56 VitalQIP Product Description Implementation, Configuration, and Testing (Software integration services) RFC2563 DHCP Option to Disable Stateless Auto-Configuration in IPv4 RFC2610 DHCP Options for Service Location Protocol RFC3004 User Class Option RFC3011 Subnet Selection Option RFC3046 DHCP Relay Agent Information Option RFC3256 The DOCSIS Device Class DHCP Relay Agent Information Sub-option RFC3396 Encoding Long Options in the Dynamic Host Configuration Protocol (DHCPv4) RFC3397 Domain Search Option RFC3442 The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4 RFC3495 Dynamic Host Configuration Protocol (DHCP) Option for CableLabs ClientConfiguration. RFC3527 Link Selection sub-option for the Relay Agent Information Option for DHCPv4 RFC3361 SIP Server option RFC4280 DHCP Options for Broadcast and Multicast Control Servers RFC4702 DHCP Client Fully Qualified Domain Name Option RFC4833 Timezone Options for DHCP 9 IMPLEMENTATION, CONFIGURATION, AND TESTING (SOFTWARE INTEGRATION SERVICES) Implementation and integration services for VitalQIP are available from Professional Services. 10 PRODUCT EDUCATION AND TRAINING Four education courses are currently available for VitalQIP: • DNS Technical Training - In depth course on DNS technology (3 days). • DHCP Technical Training - In depth course covering DHCP technology (2 days). • VitalQIP System Administration - In-depth course on VitalQIP operation and administration (5 days). • VitalQIP Integration – In-depth course for integrating VitalQIP into an existing environment. 11 FUTURE ENHANCEMENTS The VitalQIP organization within Alcatel-Lucent has a customer accessible web site, where requests for enhancements (RFEs) can be entered. Product management periodically reviews the outstanding RFEs and assigns a disposition regarding release planned or rejection of the request. The VitalQIP roadmap is updated monthly and is available internally at http://insolutions.web.AlcatelLucent.com/go/roadmap/access.shtml © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 57 VitalQIP Product Description Future Enhancements APPENDIX I: ACRONYM GLOSSARY API Application Programming Interface ARIN American Registry for Internet Numbers, one of three IP network address assignment authorities BootP Bootstrap Protocol, a precursor to DHCP CLI Command Line Interface DHCP Dynamic Host Configuration Protocol DNS Domain Name System EMS Element Management System GSS-TSIG Generic Security Specification - Transaction Signature GUI Graphical User Interface IETF Internet Engineering Task Force IP Internet Protocol MAC Media Access Control; MAC address is the data link layer (layer 2) address, typically an Ethernet address in an enterprise network. NIS Network Information System, a Sun developed precursor to DNS. OSPF Open Shortest Path First, a common routing protocol RAS Remote Access Server, e.g., for dial-up Internet or corporate access RFC Request for Comments, IETF documents defining the many facets of the Internet Protocol RFE Request for Enhancement RMON Remote Monitoring, a "probe" which counts packets, bytes and other information for IP traffic monitoring and reporting. TCP Transmission Control Protocol, connection oriented transport layer protocol of the TCP/IP suite. URL Uniform Resource Locator; e.g., http://www.Alcatel-Lucent.com APPENDIX II: AVAILABILITY AND ORDERING VitalQIP is available today. Please see contact the local sales or partner for pricing and additional information. © Copyright 2009 Alcatel-Lucent Use pursuant to company instructions Page 58